Security

last person joined: 23 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Airgroup and Clearpass

This thread has been viewed 1 times

  • 1.  Airgroup and Clearpass

    Posted Aug 17, 2016 12:12 PM

    We had Airgroup working with CPPM forced registration turned on. We have Chromecast devices throughout our district and want to limit what users can see and have access to. We recently added a captive portal with Google Authentication so we create a Cluster for our Master and Local Controller with a VIP.  We also have our AP groups load balanced to both the Master and Local.

    After making the changes the forced registration prevents users from seeing any chromecasts. If I disable the forced registration they will show up.

    Any thoughts?



  • 2.  RE: Airgroup and Clearpass

    EMPLOYEE
    Posted Aug 17, 2016 12:15 PM

    - Are you seeing the AirGroup Authorizations in ClearPass Access Tracker?

    - Are you seeing the server entries on the controller with the command:

    show airgroup cppm entries

    - Did a partner set this up for you?



  • 3.  RE: Airgroup and Clearpass

    Posted Aug 17, 2016 12:30 PM

    I am seeing the AirGroup Authorizations in Clearpass.

    I am seeing the server entries on the Local Controller but not the Master Controller. Since the AP-Groups terminate on different controllers I need to look on both.

    I did have a partner set it up and they could not figure out why it was not working. They suggested I put in help request with Aruba and they were not able to figure it out either.



  • 4.  RE: Airgroup and Clearpass

    EMPLOYEE
    Posted Aug 17, 2016 01:01 PM

    Load balancing APs between two controllers could be your issue.  I am sure that does create a variable.  Users probably should not be allowed to roam between controllers in a regular deployment.



  • 5.  RE: Airgroup and Clearpass

    Posted Aug 17, 2016 01:16 PM

    I will terminate them all on one controller. Which controller would be ideal? The Master or Local? Also, should I have an Active AirGroup Domain setup?

    - Thank you for your quick response.



  • 6.  RE: Airgroup and Clearpass

    EMPLOYEE
    Posted Aug 17, 2016 01:34 PM
    You should only see them on the local controller where the AP is
    terminating. You may want to open a TAC case.


  • 7.  RE: Airgroup and Clearpass

    Posted Aug 17, 2016 02:53 PM
      |   view attached

    I will open another case. The following is the message I see when I am in the Aruba - Dashboard - Airgroup and looking at a client.

    server registration is required but server is not registered in CPPM/Controller

    All of my AirGroup servers are in Clearpass Manage Devices and are shared devices. Is there anything on the Clearpass side that I am missing?

     

    screenshot-10.1.71.221 4343 2016-08-17 14-45-34.png

     

     



  • 8.  RE: Airgroup and Clearpass

    Posted Aug 17, 2016 03:20 PM

    Are the 2 controllers added in Clearpass guest under Administration -­> Airgroup Services -> Controllers ?

    If you press the read configuration button when selecting one, is it working ?



  • 9.  RE: Airgroup and Clearpass

    EMPLOYEE
    Posted Aug 17, 2016 03:23 PM
    Which controller is that from?


  • 10.  RE: Airgroup and Clearpass

    Posted Aug 17, 2016 04:23 PM

    The image is from the Local controller which is where all the AP's now terminate. All Airgroup Users and Servers are showing up here.



  • 11.  RE: Airgroup and Clearpass

    Posted Aug 17, 2016 04:21 PM

    Both Controllers are added in Clearpass and the Read Configuration button is working.